keygen.exe

The executable keygen.exe has been detected as malware by 4 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from fs02n1.sendspace.com.
MD5:
83dcde037f9e256cdf0a81a54308a8a5

SHA-1:
7a3068cba5a3f34c7c497101900ba17c4fb95ba8

SHA-256:
c70d6b1b08f792a04e82919119ca67fb61796f22c608bd8b591c1e49f6989970

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
12/29/2024 5:23:00 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Patched-AFR [Trj]
160326-0

Emsisoft Anti-Malware
Application.Keygen.ET
11.5.0.6191

ESET NOD32
Win32/Keygen.AU potentially unsafe application
8.0.319.0

Norman
Application.Keygen.ET
10.04.2016 15:29:17

File size:
239 KB (244,736 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\keygen.exe

File PE Metadata
Compilation timestamp:
9/26/2010 8:16:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:B5iCnQtqr0R6P0v/kN73SprdrGuNfsx8ly0P619z/IECFm/ocR:B5iCQM04P6kz8rF/e9btCY/x

Entry address:
0x257D8

Entry point:
B8, 5C, 97, 47, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 32, EC, 7E, F5, EF, 6D, C4, 49, 1C, 2D, 8F, 68, 3C, 39, 72, 2A, 5F, AE, D0, 6C, 3F, 98, C8, 64, 14, 1C, F5, 9C, 34, CA, D3, 80, C4, 17, DD, 54, 04, 90, 6E, C9, 27, 3A, 81, 36, EA, 38, BC, 1E, 62, CC, 16, 55, 46, ED, 25, 40, 9B, 42, EC, 4D, D0, 2D, A0, E8, 61, 33, 12, 3B, 5C, 8D, 5C, E8, 77, 5C, BB, 35, C1, 9B, 55, 80, B9, D6, A0, 42, B6, 0E, 85, B2, 1E, EF, A6, 64, 72...
 
[+]

Entropy:
7.9501

Packer / compiler:
PECompact v2

Code size:
146.5 KB (150,016 bytes)

The file keygen.exe has been seen being distributed by the following URL.

Remove keygen.exe - Powered by Reason Core Security